Keep Your Data Safe: Unattended Workstation Standards

Ensure that your staff never leave a workstation unlocked or unattended. Each workstation contains access to your most precious assets: your member and organization’s data. While much focus is placed on cybersecurity efforts to prevent malware or viruses, it is equally important to focus on the individual using the workstation. A computer is the most vulnerable when a user that is logged into the network leaves it unattended. It is possible for unauthorized access to applications to result in changes to data, fraudulent use, installing malware, etc. One cannot know who is going to be in the vicinity of a workstation, especially in high traffic areas, such as a front desk or a welcome center. Workstations located near these areas especially need to be secured. We recommend the following unattended workstation standards:

When leaving a workstation unattended, even if only for a few minutes it is best practice to lock your workstation with a password

Implement a password protected screen saver to run after a period of inactivity. PCI (Payment Card Industry) compliance states 15 minutes if idle

If the workstation needs to be unattended, such as a check-in station, only allow access to that particular page with no additional permissions or access

At the end of each shift log off all applications, systems, and networks for your workstation.